Risk Management & Corporate Governance 1. What is Risk? Risk arises from uncertainty; but all...
rodney-wright
Risk Management & Corporate Governance
1
What is Risk?
Risk arises from uncertainty; but all uncertainties do not carry risk.
Possibility of an unfavorable outcome of an uncertainty is risk.
Outcome of an uncertainty may even be favorable. Is that a risk? In certain cases, yes.
2
Why take risks?
Because you have to.
Because it brings rewards.
3
Risk Management Process
Risk Identification
Risk Assessment
Selection of risk management techniques
Implementation
Review
4
Risk Identification
Risk profile of a company
Formal listing of all potential risks.
External professional help
Risk is inevitable; however, unfavorable consequences of risk can be controlled.
Degree of risk to be assumed
5
Classification of Risk
Production risk
Price risk of inputs
Price risk of outputs
Project risk
Environmental risk (weather)
Political risk
Economic conditions risk
6
Risk Assessment
Having listed all the potential risks, ask:
How likely is it for any of these risks to actually materialize?
What is the maximum possible loss that can arise from each of the listed situations?
Can you stand that loss?
7
Risk Management Techniques
Risk avoidance
Loss prevention and control
Internal controls
Risk retention
Risk transfer
8
Implementing the Plan
Get quotes, find the best provider and create a contract.
Keep reviewing the situation.
Keep revising your risk profile.
Keep a record of cost of risk transfer against benefits of risk transfer.
Amend plans as necessary.
9
Is risk management a Corporate Governance issue?
Board is responsible for protection of company assets.
Board must work to improve shareholders’ value, which is not possible without taking some risks.
Not taking risks may be the biggest risk.
10
Internal Control
All that a company does internally to protect its assets, ensure the proper conduct of its affairs and accuracy of its records.
Risk management is not just part of “protecting the assets of a company”, it is an essential feature of proper conduct of its affairs.
11
Objectives of Internal Control
That all that is due to the company, comes to the company.
That the company pays only what should be paid out
That all incomes, expenses, assets and liabilities are properly recorded
That the assets of the company are protected and used only for company’s business.
That the company’s records are reliable
12
Tools of Internal Control
Defined Procedures: only one way of doing an action
Segregation of duties (internal check)
Controls:
  Physical (cash in safe, maintenance)
  Managerial (e.g. budgets, limits, approvals, etc.)
Supervision
Accounting and auditing checks
Selection of right personnel
13
Setting Internal Controls
Draw internal control policies.
Design internal control systems
Document all procedures
Train the staff
Ensure that the procedures are being followed.
Institute internal audit
Curb exceptions.
14
Monitoring Internal Controls
The system should generate reports.
  Frequency of reports
  Adequacy of reports
Regular review of reports and action thereon. Follow up.
Investigation of major lapses
Internal Audit
Certification at critical stages.
15
Designing Procedures
Nature of work.
Extent of risk.
Cost of procedure.
Facilitate work, not hamper it.
Compliance with laws, regulations
Promote efficiency culture
Immediate notice of exceptions
16
Internal Audit
A control that functions by examining and evaluating the effectiveness of other controls.
Includes checking, analyses, appraisals, recommendations, advice and information.
Regular or Need based.
17
The internal auditor
Part of management; however, does not report to management.
Detects errors and frauds
Helps management correct errors and minimize impact of frauds
Helps improve controls.
18
Advantages of Internal Audit
Keeps workers alert
Timely detection of errors & frauds
Enhances reliability of accounting and supporting records
Reduces external audit work
19
Types of Internal Audits
Regular, continuous internal audit
Need based investigation
VFM audit for specific purpose
Pre-disbursement and post-payment audits.
Records audits and Procedure Audits
20
Risk Management Reporting
CC of CG requires:
Audit Committee’s Report
Board’s Statement on Internal Controls
21
Audit Committee’s Report
List significant risks; how they are being identified, assessed and managed.
Report on effectiveness of the systems put in place to manage these risks
List of actions being taken to remedy significant failings or weaknesses
Comment on need for greater monitoring of procedures
22
Board’s Statement on Internal Control
Essentially it is about status of internal controls, e.g.
There is an ongoing process for identifying, evaluating and managing significant risks.
That the process was there during the year under report.
It is being regularly reviewed by the Board.
It is in accordance with Turnbull Guidance
23
Turnbull Report
Risk Assessment
Control Environment
Control Activities
Information and Communication
Monitoring
24
Risk Assessment
Clear objectives, clearly communicated to all concerned.
Significant risks assessed regularly:
  Market risks
  Technological risks (H&S, Environment)
  Credit and liquidity risks
  Reputational risks, legal risks
Clear understanding of risks being retained
25
Control Environment and Activities
Who controls? Are they independent?
Are controls/ authority/ responsibility/ accountability defined?
Does company culture permit controls?
Demonstration of will to control
Communication to all concerned
How are adjustments made when needed?
26
Information & Communication
Frequency and adequacy of reports generated by internal control system.
Who receives what report at what intervals?
How reliable are these reports?
What checks are in place to ensure reliability of these reports?
27
Monitoring
Are control processes part of the normal operational processes?
Special communication to the Board by management
Monitoring of Management by Board
28
Disaster Recovery Plans
Disasters happen, or are made to happen.
What plans does a company have to ensure that:
Its operations are restored quickly
Its data is not lost
Most important for financial institutions
29